31,027 CVEs · Critical severity
CVEs (31,027, showing first 500)
Showing 201–225 of 31,027 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↓ | Description |
|---|---|---|---|---|---|
| CVE-2026-46840 | CRITICAL | Patched | 10.0 | 2026-05-28 | Vulnerability in Oracle REST Data Services (component: Backend-as-a-Service). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allo… |
| CVE-2026-46839 | CRITICAL | Patched | 9.9 | 2026-05-28 | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privilege… |
| CVE-2026-46833 | CRITICAL | Patched | 9.0 | 2026-05-28 | Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Difficult to exploit vulnerability allows un… |
| CVE-2026-46824 | CRITICAL | Patched | 9.9 | 2026-05-28 | Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affec… |
| CVE-2026-46822 | CRITICAL | Patched | 9.9 | 2026-05-28 | Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily ex… |
| CVE-2026-46819 | CRITICAL | Patched | 9.1 | 2026-05-28 | Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12… |
| CVE-2026-46817 | CRITICAL | Patched | 9.8 | 2026-05-28 | Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exp… |
| CVE-2026-46775 | CRITICAL | Patched | 9.9 | 2026-05-28 | Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privilege… |
| CVE-2026-45288 | CRITICAL | Patched | 9.8 | 2026-05-28 | Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter… |
| CVE-2026-34311 | CRITICAL | | 9.8 | 2026-05-28 | Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5… |
| CVE-2026-45039 | CRITICAL | Patched | 9.8 | 2026-05-28 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using … |
| CVE-2026-45787 | CRITICAL | Patched | 9.1 | 2026-05-28 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt,… |
| CVE-2026-45374 | CRITICAL | Patched | 9.6 | 2026-05-28 | CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool spawns durable sub-agents that inherit two insecure defaults, allow_shell def… |
| CVE-2026-45323 | CRITICAL | Patched | 9.6 | 2026-05-28 | MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node… |
| CVE-2026-45311 | CRITICAL | Patched | 9.6 | 2026-05-28 | CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meani… |
| CVE-2026-43898 | CRITICAL | Patched | 10.0 | 2026-05-28 | SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Cal… |
| CVE-2026-9098 | CRITICAL | | 9.1 | 2026-05-28 | In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it co… |
| CVE-2026-9097 | CRITICAL | | 9.8 | 2026-05-28 | Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validat… |
| CVE-2026-9094 | CRITICAL | | 9.8 | 2026-05-28 | Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validat… |
| CVE-2026-9093 | CRITICAL | | 9.8 | 2026-05-28 | In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function… |
| CVE-2026-9092 | CRITICAL | | 9.1 | 2026-05-28 | Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function mat… |
| CVE-2026-9090 | CRITICAL | | 9.1 | 2026-05-28 | Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCert… |
| CVE-2026-44477 | CRITICAL | Patched | 9.9 | 2026-05-28 | CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its… |
| CVE-2026-38707 | CRITICAL | Patched | 9.8 | 2026-05-28 | A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmwa… |
| CVE-2026-38704 | CRITICAL | Patched | 9.8 | 2026-05-28 | A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 fi… |